user nginx;
worker_processes auto;
pid /home/app/pids/nginx.pid;
daemon off;

load_module modules/ngx_http_image_filter_module.so;
load_module modules/ngx_http_geoip_module.so;

events {
  worker_connections <%= ENV["NGINX_WORKER_CONNECTIONS"] || "65535" %>;
  multi_accept on;
  use epoll;
}

http {
  sendfile on;
  client_max_body_size <%= ENV["client_max_body_size"] || "8m" %>;

  tcp_nopush off;
  tcp_nodelay on;

  limit_conn_zone $binary_remote_addr zone=one:100m;
  keepalive_timeout 15;
  types_hash_max_size 2048;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  # ref: https://wiki.mozilla.org/Security/Server_Side_TLS
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

  access_log /home/app/log/nginx-access.log;
  error_log /home/app/log/nginx-error.log;

  # DO NOT CHANGE THIS
  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  # DO NOT CHANGE THIS
  include /etc/nginx/homeland.conf;
  include /etc/nginx/conf.d/*.conf;
}
